惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Hacker News: Ask HN
Hacker News: Ask HN
IT之家
IT之家
S
SegmentFault 最新的问题
T
Tailwind CSS Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
博客园 - 司徒正美
J
Java Code Geeks
博客园 - 聂微东
雷峰网
雷峰网
阮一峰的网络日志
阮一峰的网络日志
The Cloudflare Blog
博客园_首页
大猫的无限游戏
大猫的无限游戏
博客园 - 三生石上(FineUI控件)
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
博客园 - 【当耐特】
腾讯CDC
Apple Machine Learning Research
Apple Machine Learning Research
酷 壳 – CoolShell
酷 壳 – CoolShell
V
V2EX
宝玉的分享
宝玉的分享
小众软件
小众软件
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Hugging Face - Blog
Hugging Face - Blog
月光博客
月光博客
NISL@THU
NISL@THU
T
The Exploit Database - CXSecurity.com
C
CXSECURITY Database RSS Feed - CXSecurity.com
WordPress大学
WordPress大学
有赞技术团队
有赞技术团队
Blog — PlanetScale
Blog — PlanetScale
aimingoo的专栏
aimingoo的专栏
L
LINUX DO - 热门话题
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
F
Fortinet All Blogs
博客园 - Franky
L
Lohrmann on Cybersecurity
S
Secure Thoughts
量子位
V
Vulnerabilities – Threatpost
Last Week in AI
Last Week in AI
博客园 - 叶小钗
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
L
LINUX DO - 最新话题
I
InfoQ
C
CERT Recently Published Vulnerability Notes
Security Archives - TechRepublic
Security Archives - TechRepublic
P
Proofpoint News Feed
G
GRAHAM CLULEY
Cisco Talos Blog
Cisco Talos Blog

The Register - Security: CSO

Anthropic's Mythos has The Kettle crew curious, skeptical 'People's Panel' to check if UK wants controversial Digital ID will cost £630K Top npm package backdoored to drop dirty RAT on dev machines Lightning-fast exploits mean patch fast, says Cisco Talos Lightning-fast exploits mean patch fast, says Cisco Talos Smooth criminals talking their way into cloud environments, Google says Cybercrime up 245% since the start of the Iran war Scattered Lapsus$ Hunters seeks women to defraud helpdesks Every day in every way, passwords are getting worse CISA quietly updated ransomware flags on 59 flaws last year Deepfake job seeker applied to work for an AI security firm Deepfake job seeker applied to work for an AI security firm AI-powered cyberattack kits are 'just a matter of time' AI-powered cyberattack kits are 'just a matter of time' FortiGate SSO bug still exploitable despite December patch FortiGate SSO bug still exploitable despite December patch Judge tosses CrowdStrike shareholder suit over 2024 outage DRAM shortage may drive firewall prices higher: analysts Ransomware attacks kept climbing in 2025 as gangs refused to stay dead Around 1,000 systems compromised in ransomware attack on Romanian water agency 1,000 systems pwned in Romanian Waters ransomware attack Half of exposed React servers remain unpatched amid attacks CISA warns spyware crews are breaking into Signal and WhatsApp accounts FCC guts Salt Typhoon telco rules despite espionage risk CISA orders feds to patch Oracle Identity Manager zero-day SEC drops SolarWinds lawsuit that painted a target on CISOs everywhere SEC bails on SolarWinds lawsuit Palo Alto kit sees massive surge in malicious activity amid mystery traffic flood Palo Alto kit sees massive surge in malicious activity Countries use cyber targeting to plan strikes: Amazon CSO Overconfidence is the new zero-day as teams stumble through cyber simulations UK's Cyber Security and Resilience Bill makes Parliamentary debut Cyber insurers paid out over twice as much for UK ransomware attacks last year Cyberpunks mess with Canada's water, energy, and farm systems Trump's workforce cuts blamed as America's cyber edge dulls Feds flag active exploitation of patched Windows SMB vuln How malware vaccines could stop ransomware's rampage Salesforce refuses to pay ransomware crims' extortion demand Germany slams brakes on EU's Chat Control snoopfest Employees regularly paste company secrets into ChatGPT Oracle tells Clop-targeted EBS users to apply July patch Red Hat repos raided, claims cybercrew, files stolen Suspected Chinese spies broke into 'numerous' enterprises UK gov acknowledges 'strong case' for JLR financial support JLR extends shutdown – again – as toll on workers laid bare UK chancellor blames cyberattacks on Russia despite evidence Fortra discloses 10/10 severity bug in GoAnywhere MFT Entra ID bug could have granted access to every tenant UEFI Secure Boot for Linux Arm64 – where do we stand? JLR says cyber cleanup to take additional week Insider blamed for FinWise data breach affecting nearly 700K Nork snoops whip up fake military ID with help from ChatGPT UK government dragged for incomplete security reforms Church of England abuse victims exposed by lawyer's email US spy chief claims UK backdown on Apple backdoor demand Workday confirms CRM breach via social engineering Black Hat/DEF CON: AI more useful for defense than hacking Ex-White House cyber guru talks Microsoft security fails CISA releases malware analysis for Sharepoint Server attack China: US spies used Microsoft Exchange 0-day to steal info Security pros drowning in threat-intel data Identity attacks surge 156% as phishermen get craftier Organizations can’t keep up with supply chain security musts Amazon CISO: Iranian hacking crews ‘on high alert’ UK data watchdog fines 23andMe £2.3M over 2023 breach Employers are demanding too much from junior cyber recruits FCA warned four staffers who pocketed regulator data Ransomware just wrecked your network – now what? Ivanti RCE attacks 'ongoing,' exploitation hits clouds Ex-NSA listened to Scattered Spider's calls: 'They're good' Snowflake CISO talks lessons learned from breaches, improv Why CVSS is failing us and what we can do about it Infosec pros still aren't nailing the basics of AI security Ransomware crims targeting systems between IT and operations Why aggregating asset inventory leads to better security NCSC and industry at odds over how to tackle shoddy software Powerschool extortionists may not have deleted stolen data CrowdStrike trims workforce by 5 percent, aims to rely on AI NSO Group must pay Meta $168M in WhatsApp spy case Ghost in the shell script: Boffins seek code correctness How Intruder finds what others miss in cloud security Linux malware can avoid syscall-based endpoint protection Infosec pro blabs about alleged malware mishap on LinkedIn The future of AI in cybersecurity in a word – optimistic CVE board 'kept in the dark' on funding, members say Security snafus caused by third parties up from 15% to 30% Blue Shield shared 4.7M people's health info with Google Ads Who needs phishing when your login's already in the wild? US cyber defenses are being dismantled from the inside Bug hunter obtains an SSL cert for Alibaba Cloud in 5 steps
Germany slams brakes on EU's Chat Control snoopfest
Connor Jones Connor Jones · 2025-10-08 · via The Register - Security: CSO

Germany has committed to oppose the EU's controversial "Chat Control" regulations following huge pressure from multiple activists and major organizations.

The draft regs would allow authorities to compel providers of communications services – such as WhatsApp, Signal, etc – to monitor user comms for potential child sexual abuse material. And they wouldn't exempt encrypted services.

Jens Spahn, a member of the Bundestag for Germany's Christian Democratic Union (CDU) – part of the ruling coalition in the country – confirmed in a statement on Tuesday that the German government would not allow the proposed regulations, which are commonly referred to as Chat Control, to become law.

"We, the CDU/CSU parliamentary group in the Bundestag, are opposed to the unwarranted monitoring of chats. That would be like opening all letters as a precautionary measure to see if there is anything illegal in them. That is not acceptable, and we will not allow it."

As The Reg has mentioned previously, to pass the legislation, EU leaders need support from nations representing the majority of the member-state bloc's population – which is why Germany's is a key player.

The news follows speculation last week that Germany would reverse its stance and oppose the Child Sexual Abuse (CSA) Regulation, which EU politicians have tried to pass since it was first tabled in 2022.

Essentially, it's the EU's version of the UK's long-held ambition to force encrypted messaging platforms to break end-to-end encryption (E2EE), packaged under a similar guise.

If passed, the CSA Regulation would require communications platforms to deploy AI-powered content filters to ensure CSA material was blocked, and those possessing and sharing it be brought to justice.

And, of course, would also undermine E2EE, theoretically allowing the EU to spy on any citizen's private communications.

So far, Chat Control has naturally received similarly heated opposition as the UK's equivalent plans, first through the Investigatory Powers Act and later through the Online Safety Act.

Among the strongest opponents to the CSA Regulation is the human rights organization European Digital Rights (EDRi), which believes that the proposed mandatory technologies platforms would be required to deploy are ineffective and unreliable.

It echoed the repeated messaging from E2EE messaging platforms that such regulations cannot be implemented while simultaneously upholding private encryption, with many threatening to leave markets that mandate such measures.

EDRi also warned in September that the CSA Regulation would likely force platforms to verify users' ages, much like how the Online Safety Act has in the UK in recent months.

It argued: "All current age verification tools pose a threat to free expression, autonomy, and privacy. As a result, such measures would risk systematic exclusion of people without digital identity documents, and could also mean the end of online anonymity. This would put a lot of people at risk: whistle-blowers, activists, people seeking reproductive healthcare, and more.

"In short, the negative impact of Chat Control on democracy would be unprecedented. And by legitimising these dangerous practices, the EU would be giving a signal to the rest of the world that there can be no privacy of digital communications."

Just a few months into the Online Safety Act requiring age verification, user data collected by these platforms has already been leaked in a major data breach at one of Discord's suppliers.

Why Germany's vote is so important 

The EU Council requires what's known as a qualified majority to pass most pieces of legislation.

To block that legislation, there must be a blocking minority, the requirements for which include at least four member states opposing a given proposal and the opposition representing at least 35 percent of the EU's total population.

With the likes of France, Spain, Portugal, and a number of other countries supporting the proposed CSA Regulation, the opposing states needed a large country to join them and create that blocking minority.

Before Germany signaled its position this week, Poland and the Netherlands were the largest of the states to have committed their opposition ahead of a formal vote on the matter on October 14.

Germany's population of around 83.5 million people represents around 19 percent of the total population of EU member states, meaning that it holds a great deal of power when it comes to deciding qualified majorities and blocking minorities.

With Germany opposing the CSA Regulation, it's now unlikely to pass as EU legislation, factoring in the population of the other, smaller nations that also oppose it.

Italy, Belgium, and Sweden are the largest states yet to decide on how they will vote next week.

Under pressure

Multiple major organizations such as Signal and Tuta Mail – both of which are built on privacy-preserving tech – have threatened to pull out of the EU if the CSA Regulation passes.

Meredith Whittaker, Signal's president and an outspoken critic of anti-privacy legislation, said she would pull Signal from the EU in the same way she threatened to do with Sweden earlier this year.

Following reports last week suggesting that Germany was leaning toward supporting the proposal, Whittaker pleaded with the country in an open letter [PDF] to vote against it.

She wrote: "Under the guise of protecting children, the latest Chat Control proposals would require mass scanning of every message, photo, and video on a person's device, assessing these via a government-mandated database or AI model to determine whether they are permissible content or not.

"This is a horrifying idea for many reasons. First, the technical consensus is clear. Scanning every message – whether you do it before, or after these messages are encrypted – negates the very premise of end-to-end encryption. Instead of having to break the gold-standard Signal encryption protocol to access someone's Signal messages, hackers and hostile nation states only need to piggyback on the access granted to the scanning system. This threat is so severe that even intelligence agencies agree it would be catastrophic for national security.

"These proposals ignore the strategic importance of private communications, and the longstanding technical consensus that you cannot create a backdoor that only lets the 'good guys' in. What they propose is in effect a mass surveillance free-for-all, opening up everyone's intimate and confidential communications, whether government officials, military, investigative journalists, or activists. For all of Europe's talk of sovereignty, this is a bizarre cybersecurity decision on multiple fronts."

Matthias Pfau, CEO of Germany-based Tuta Mail, which was one of the 40 pro-privacy signatories consisting of multiple European SMEs on a separate but similar open letter addressed to Germany, also threatened to pull out of the EU.

"If Chat Control passes, we as an encrypted provider have two options: sue to fight for people's privacy, or leave the EU. And we've decided to fight. We will never weaken or backdoor our encryption," he said.

These letters add to the 600 signatories of a similar one, which The Register covered in September, issued ahead of a European Council debate before the proposed regs went to full vote next week.

Additional pressure has come from former MEP and longstanding digital rights activist Patrick Breyer, who is a major critic of Chat Control.

He is a longtime supporter of the European Parliament's alternative to the CSA Regulation in its current form. Drafted in 2023, the Parliament's negotiating mandate [PDF] removes some of the most controversial aspects of the regulation, such as client-side scanning and plans for what Breyer describes as blanket chat control.

A Danish software engineer going by the name of Joachim runs fightchatcontrol.eu – a website displaying information about how each member state plans to vote next week, and a handy tool that generates semi-personalized email templates for users to bombard their MEPs, urging them to vote against the legislation.

Evin Incir, Swedish MEP for the Socialists and Democrats, told Politico that the party's office receives hundreds of emails per day as a result of Joachim's tool. ®